I found following useful solutions for cross site scripting in Java after spending hours on Google.
I like the first solutions most that’s clean and easy to implement:
http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/
http://www.rgagnon.com/javadetails/java-0306.html
http://javawebparts.sourceforge.net/
Below is cleanXSS method that I used in my project.
private String cleanXSS(String value)
{
value = StringEscapeUtils.escapeHtml(value);
value = StringEscapeUtils.escapeJavaScript(value);
value = value.replaceAll("eval\\((.*)\\)", "");
value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']","\"\"");
value = value.replaceAll("(?i)script", "");
return value;
Thanks,
Vishal
No comments:
Post a Comment